Token aggregation for multi-party transactions

ABSTRACT

Described herein is a system for generating a master token to be associated with a set of tokens. In some embodiments, a number of tokens may be obtained by a communication device, which may be provided to a primary authorization computer. The primary authorization computer may generate a master token to be associated with each of those tokens. When the master token is used to complete a transaction, an authorization request may be received by the primary authorization computer that includes the master token. Upon receiving this, the primary authorization computer may obtain approval from a number of secondary authorization computers associated with the tokens, and may generate an authorization response based on those approvals.

This application is a continuation application of U.S. application Ser. No. 15/185,949, filed Jun. 17, 2016, titled “TOKEN AGGREGATION FOR MULTI-PARTY TRANSACTIONS”, which is herein incorporated by reference in its entirety for all purposes.

BACKGROUND

There are a number of problems that are present when multiple users attempt to conduct a single transaction. For example, when multiple users at a restaurant wish to contribute different amounts to a bill, the restaurant may receive different payment devices (e.g, different credit cards) from the different users. If, for example, the different users wish to pay for different amounts on the invoice, this can be unduly burdensome for the restaurant and the restaurant may consequently not want to perform the transaction in the manner that the users want. Additionally, the server may be responsible for multiple transactions, which may lead to mistakes in bill apportioning. While one user may provide a single payment device to pay for the multi-party transaction, the one user will need to seek reimbursement from each of the other users. This again often involves a number of communications between the different users and is inefficient.

Embodiments of the invention address these and other problems, individually and collectively.

BRIEF SUMMARY

Embodiments of the disclosure are directed to systems for obtaining a set of initial tokens to be used in completing a transaction, associating a master token with the set of initial tokens, and assigning portions of a transaction for which the master token has been provided to each initial token in the set of initial tokens. In some embodiments, multiple tokens may be obtained by a primary authorization computer. The primary authorization computer generates a master token upon obtaining the set of initial tokens. The master token may then be used to complete a transaction with a resource provider.

Upon receiving an authorization request that includes the master token, the primary authorization computer may determine a portion of the transaction to be assigned to each of the initial tokens in the set of initial tokens. The primary authorization computer may then generate secondary authorization requests to be sent to a number of secondary authorization computers associated with each initial token in the set of initial tokens. Upon receiving authorization responses from each of the secondary authorization computers, the primary authorization computer may generate an authorization response for the transaction.

One embodiment of the invention is directed to a method comprising receiving a set of initial tokens from a communication device, each initial token of the set of initial tokens associated with a different account, generating a master token to be associated with the set of initial tokens, and providing the master token to the communication device. The method further comprises receiving a request to authorize a transaction from a resource provider that includes the master token, generating, for each initial token in the set of tokens, a secondary authorization request message for a portion of the requested transaction, transmitting the generated secondary authorization request messages to secondary authorization computers associated with the respective initial tokens in the set of initial tokens. Upon receiving authorization response messages from the secondary authorization computers, generating subsequent authorization response messages and transmitting them to the resource provider.

Another embodiment of the invention is directed to a mobile device comprising a processor, a short range communication device, and a memory including instructions that, when executed with the processor, cause the mobile device to receive one or more initial tokens, each of which is associated with a different account, add, to the one or more tokens, an initial token associated with the mobile device, and associate, with the one or more initial tokens and the added initial token, a master token. The instructions further cause the mobile device to upon receiving a request to complete a transaction, provide the master token such that portions of the transaction are attributed to each of the one or more initial tokens.

Another embodiment of the invention is directed to a server device comprising a processor, and a memory including instructions that, when executed by the processor, cause the server device to maintain account information associated with a user, receive, from two or more applications, two or more initial tokens, each of the two or more initial tokens associated with a different account. The instructions, when executed by the processor, further cause the server device to generate a master token to be associated with the two or more initial tokens, and provide the generated master token to the user.

These and other embodiments of the invention are described in further detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a block diagram of an example system architecture capable of implementing at least some embodiments of the current disclosure;

FIG. 2 depicts a diagram of an example primary authorization computer configured to store and manage access credentials and provide authorization for multiple-party transactions in accordance with at least some embodiments;

FIG. 3 depicts a block diagram of an example data flow that may be implemented in accordance with at least some embodiments;

FIG. 4 depicts a process for aggregating tokens into a token grouping and generating a master token associated with the token grouping in accordance with at least some embodiments;

FIG. 5 depicts a process for handling an authorization request message that includes a master token in accordance with at least some embodiments;

FIG. 6 depicts a process flow for conducting and settling a multi-party transaction with a resource provider using a master token in accordance with at least some embodiments; and

FIG. 7 depicts a flow diagram illustrating a process for generating a master token and conducting a transaction using that master token in accordance with at least some embodiments.

DETAILED DESCRIPTION

In the following description, various embodiments will be described. For purposes of explanation, specific configurations and details are set forth in order to provide a thorough understanding of the embodiments. However, it will also be apparent to one skilled in the art that the embodiments may be practiced without the specific details. Furthermore, well-known features may be omitted or simplified in order not to obscure the embodiment being described.

Prior to discussing the details of some embodiments of the present invention, description of some terms may be helpful in understanding the various embodiments.

A “credential” may be any suitable information that serves as reliable evidence of worth, ownership, identity, or authority. A credential may be a string of numbers, letters, or any other suitable characters, as well as any object or document that can serve as confirmation. Examples of credentials include access credentials, value credentials, identification cards, certified documents, access cards, passcodes and other login information, etc.

An “access credential” may be any data or portion of data used to gain access to a particular resource. In some embodiments, an access credential may be a login and/or password for a user account. In some embodiments, an access credential may be include account information or a token associated with the account information, a cryptogram, a digital certificate, etc. A mobile device may store one or more access credentials associated with each communication device. In some embodiments, an access credential stored in association with a communication device may be used to conduct transactions on behalf of the communication device. In some embodiments, the mobile device may store a single access credential that may be used in each transaction initiated by the mobile device.

An “access device” may be any suitable device for communicating with a merchant computer or payment processing network, and for interacting with a payment device, a user computer apparatus, and/or a user mobile device. An access device may generally be located in any suitable location, such as at the location of a merchant. An access device may be in any suitable form. Some examples of access devices include POS devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, Websites, and the like. An access device may use any suitable contact or contactless mode of operation to send or receive data from, or associated with, a communication device. In some embodiments, where an access device may comprise a POS terminal, any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium. A reader may include any suitable contact or contactless mode of operation. For example, card readers can include radio frequency (RF) antennas, optical scanners, bar code readers, or magnetic stripe readers to interact with a communication device. In some embodiments, an access device may also be referred to as a terminal device.

“Account data” may refer to any content of an account of a user conducting a transaction. In some embodiments, account data may be payment account data that may be utilized to make a purchase. In other embodiments, account data may be any content associated with a user's non-financial account. For example, account data may include electronic files, photos, videos, and documents stored by the user's account. In some embodiments, account data may be stored by an authorization computer.

“Account information” may refer to any information surrounding an account of a user. For example, account information may include account data and one or more account identifiers. In some embodiments, the account identifier may be a PAN or primary account number. The PAN may be 14, 16, or 18 digits. Account information may also include an expiration date associated with the account, as well as a service code and/or verification values (e.g., CVV, CVV2, dCVV, and dCVV2 values).

An “authorization request message” may be an electronic message that requests authorization for a transaction. In some embodiments, it is sent to a transaction processing computer and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), a PAN (primary account number or “account number”), a payment token, a user name, an expiration date, etc. An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, acquirer bank identification number (BIN), card acceptor ID, information identifying items being purchased, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.

An “authorization response message” may be a message that responds to an authorization request. In some cases, it may be an electronic message reply to an authorization request message generated by an issuing financial institution or a transaction processing computer. The authorization response message may include, by way of example only, one or more of the following status indicators: Approval—transaction was approved; Decline—transaction was not approved; or Call Center—response pending more information, merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the transaction processing computer) to the merchant's access device (e.g. POS equipment) that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a transaction processing computer may generate or forward the authorization response message to the merchant.

A “communication device” may be any electronic device that has a primary function related to communication. A communication device may be capable of establishing a communication session with another electronic device and transmitting/receiving data from that device. In some embodiments, a communication device may act as a proxy device between two or more other electronic devices by establishing communication sessions with each of the devices and relaying information between the devices. A mobile device may be a type of communication device.

An “issuer” may typically refer to a business entity (e.g., a bank) that maintains an account for a user that is associated with a portable communication device such as an account enrolled in a mobile application installed on a portable communication device. An issuer may also issue account parameters associated with the account to a portable communication device. An issuer may be associated with a host system that performs some or all of the functions of the issuer on behalf of the issuer.

A “token” may be a substitute for a real credential. In some embodiments, a token may include an identifier for a payment account that is a substitute for a real credential such as primary account number (PAN). For example, a token may include a series of numeric and/or alphanumeric characters that may be used as a substitute for an original account identifier. For example, a token “4900 0000 0000 0001” may be used in place of a PAN “4147 0900 0000 1234.” In some embodiments, a token may be “format preserving” and may have a numeric format that conforms to the account identifiers used in existing payment processing networks (e.g., ISO 8583 financial transaction message format). In some embodiments, a token may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction or represent the original credential in other systems where the original credential would typically be provided. In some embodiments, a token value may be generated such that the recovery of the original PAN or other account identifier from the token value may not be computationally derived. In other embodiments, a token may be mathematically derived (e.g., with an encryption key) from the real credential. Further, in some embodiments, the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token.

A “master token” may be a type of token that may be a substitute for a token grouping (e.g., a set of initial tokens). A master token may be associated with a token grouping stored within a token vault. For example, a token grouping may include a plurality of tokens, each of which is associated with a separate account. In this example, a master token may be associated with the token grouping such that any time that the master token is used to complete a transaction, a portion of the transaction is allocated to each of the tokens in the token grouping. In some embodiments, a master token may be associated with configuration settings that indicate how a transaction should be apportioned to each token within the token grouping. The master token and the initial tokens that it relates to may all have the same format (e.g., 16, 18, or 19 numerical digits) in some embodiments of the invention.

A “mobile device” may be any computing device capable of traveling with a user. In some embodiments, a mobile device can include any suitable computing device configured to establish communication sessions with one or more communication devices and a resource provider (either directly or via a primary authorization computer) and (in some cases) to initiate transactions with the resource provider on behalf of the communication devices. In some embodiments, the mobile device may store one or more access credentials to be used in these transactions. In some embodiments, the mobile device may be configured to store one or more protocol sets related to transactions and/or communication devices. The mobile device may be further configured to confirm that transactions are in compliance with these transaction protocols prior to initiating the transactions.

A “primary authorization computer” may be any computing device that can authorize a request. The primary authorization computer may provide any suitable service and/or processing for obtaining a set of tokens, associating a master token with the set of tokens, and authorizing transactions in accordance with the disclosure. In some embodiments, the primary authorization computer may maintain an account for one or more users. The primary authorization computer may also store one or more configuration settings related to the authorization of transactions conducted using the master token.

A “secondary authorization computer” may be any computing device that can authorize a request. In some embodiments, a secondary authorization computer is configured to authorize authorization request messages including initial tokens. A secondary authorization computer may be owned and/or operated by an entity that is unaffiliated with the primary authorization computer.

A “server computer” may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.

A “resource provider” may be an entity that can provide a resource such as goods, services, information, and/or access. Examples of a resource provider includes merchants, access devices, secure data access points, etc. A “merchant” may typically be an entity that engages in transactions and can sell goods or services, or provide access to goods or services.

Details of some embodiments of the present invention will now be described.

FIG. 1 depicts an example system architecture capable of implementing at least some embodiments of the current disclosure. In FIG. 1, a primary authorization computer 102 may be in communication with one or more secondary authorization computers 104(1-N) via processing networks 106. The primary authorization computer 102 may also be in communication with a communication device 108. For example, as is described in greater detail elsewhere in the specification, the primary authorization computer 102 may receive initial tokens from the communication device 108 and may subsequently provide a master token to the communication device 108. The communication device 108 may, in turn, provide the master token to an access device 110 to complete a transaction. The access device 110 may be in communication with a resource provider computer 112, which may further be in communication with the primary authorization computer 102 via the processing network 106.

The primary authorization computer 102 may be any type of computing device, including a remotely located server computer, configured to manage a set of tokens and process and authorize transactions directed to the set of tokens. In some embodiments, the primary authorization computer 102 may perform one or more actions on behalf of the communication device 108. Additionally, it should be noted that in some embodiments, the primary authorization computer 102 may be embodied by one more virtual machines implemented in a hosted computing environment. The hosted computing environment may include one or more rapidly provisioned and released computing resources, which computing resources may include computing, networking, and/or storage devices. A hosted computing environment may also be referred to as a cloud-computing environment. In some embodiments, the primary authorization computer 102 may be configured to provide a master token to the communication device 108. In some embodiments, a primary authorization computer may be a mobile application server that supports a mobile application installed on, and executed from, the communication device 108. In some embodiments, the primary authorization computer may be a server that supports mobile payment applications. For example, an e-wallet application may be installed on the communication device 108. In this example, the set of tokens may comprise a set of payment information account tokens.

A secondary authorization computer 104 may be any computing device or plurality of computing devices configured to receive an authorization request message for a transaction, authorize or decline the transaction, and provide an authorization response message based on whether the transaction has been authorized or declined. The secondary authorization computer 104 may determine whether to authorize or decline the transaction based on information associated with the transaction. In some embodiments, the transaction information may include an initial token that may be obtained from or derived from a real credential such as a real PAN. In some embodiments, the secondary authorization computer 104 may be operated by an issuer of a payment account (e.g., a credit card). As depicted in FIG. 1, there may be a number of secondary authorization computers 104 involved in the system, each of which may be owned and/or operated by a separate entity.

In some examples, the transaction processing network 106 may include any one or a combination of many different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, and other private and/or public networks. In addition, the transaction processing network 106 may comprise multiple different networks. For example, the resource provider computer 112 may utilize a 3G network to communicate with a wireless router, which may then route the communication over a public network (e.g., the Internet) to the primary authorization computer 102. In some embodiments, the transaction processing network 106 may be an electronic payment network (e.g., VisaNet) or a combination of electronic payment networks.

The communication device 108 may be any electronic device configured to receive token information and provide information related to a master token to an access device 110 to conduct a transaction. In some embodiments, the communication device 108 may be a mobile phone or any other suitable portable electronic device. The communication device 108 may include a processor 114 capable of processing user input. The communication device 108 may also include one or more input sensors 116 for collecting input. In some embodiments, the input may include user provided input. Some non-limiting examples of input sensors 116 that may be included in a communication device include keyboards, mice, microphones, cameras, motion sensors, accelerometers, cameras, pressure sensors, thermometers, a global positioning system (GPS), a barcode reader, etc.

In some embodiments, the communication device 108 may include a communication interface 118 configured to enable communication between the communication device 108 and another electronic device (e.g., access device 110 and/or the primary authorization computer 102). Examples of communication interface 118 may include one or more radio frequency (RF) transceivers configured to send and receive communications using near-field communications (NFC), or other radio frequency or wireless communication protocols such as Bluetooth, Bluetooth low-energy (BLE), a wireless local area network (e.g., WiFi), iBeacon, etc. In some embodiments, communication interface 118 may include an infrared communication device. In some embodiments, the communication interface 118 may include both long range and short range communication means. For example, the communication interface may include an antenna configured to connect to a cellular network in order to enable communication with various other components of the depicted architecture.

In some embodiments, the communication technology used by the communication device 108 may depend on the type of power source used by the communication device. For example, if the device has access to a regular, external power supply, it may include a WiFi interface. Alternatively, if the device relies on a battery instead of an external power supply, it may include a means for communication that consumes less power, such as low power Bluetooth interface, a ZigBee interface, a near field communication (NFC) or radio frequency (RF) interface, or any other suitable wireless access interface.

Embodiments of one or more modules on the communication device 108 may be stored and executed from its memory 120. Turning to the contents of the memory 120 in more detail, the memory 120 may include an operating system 122 and one or more modules configured to cause the processor 114 to carry out instructions in accordance with at least some embodiments of the disclosure. For example, the memory 120 may include an aggregation module 124 configured to work with the processor 114 to receive token information from one or more external sources and initiate one or more transactions using a master token. Additionally, the memory 120 may include information related to one or more access credentials (token data 126).

In some embodiments, the aggregation module 124 may be programmed to cause the communication device 108 to receive one or more tokens from token sources, provide the one or more received tokens to a primary authorization computer 102, and receive a master token in return. The aggregation module 124 may also be programmed to cause the communication device 108 to provide the master token to an access device 110 to complete a transaction. In some embodiments, the aggregation module 124 may be implemented as an application installed on, and executed from, the communication device 108. In some embodiments, the primary authorization computer 102 may provide backend support for the aggregation module 124. For example, the primary authorization computer 102 may perform at least some processing tasks required by the aggregation module 124. In some embodiments, the aggregation module 124 may further include instructions for communicating securely with the primary authorization computer 102. For example, the aggregation module 124 may include encryption protocols and/or encryption keys utilized by the primary authorization computer 102.

The memory 120 of communication device 108 may include a secure execution environment such as a secure memory (e.g., Smartcard based technology available in low-power devices). In some embodiments, the secure memory may include a secure element. A secure element (SE) can be a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities. Sensitive information (e.g., token data 126 or other suitable access credential data) provisioned onto the communication device 108 may be stored in the secure memory.

The communication device 108 may also establish a connection with a primary authorization computer 102 that provides back end support for the communication device 108 by maintaining and managing token mappings. In some embodiments, upon initiation of a transaction by the user, the communication device 108 may transmit information related to the communication device 108 to the primary authorization computer 102. The primary authorization computer 102 may retrieve token information to be associated with the communication device 108 and/or transaction and may send that token information to the communication device 108. In this way, the token information may be provisioned onto the communication device 108. The token information may include an access credential (e.g., a master token), consumer identifier, access credential expiration conditions, and/or any other suitable information relevant to the communication device 108.

The access device 110 may be any computing device that controls access to a resource (e.g., a good or service). In some embodiments, the access device 110 may be owned and/or operated by a merchant or service provider. For example, the access device 110 may be a point of sale (POS) device (e.g., a cash register) used to complete transactions on behalf of the merchant or service provider.

Resource provider computer 112 may be a computing device configured to receive a transaction request and initiate a transaction. In some embodiments, the resource provider computer 112 may be associated with an electronic commerce site. For example, the resource provider may maintain a catalog of items and/or services available for purchase. The resource provider may also be associated with a utility company or other resource provider. In some embodiments, the resource provider may enable a user to pay a bill or other outstanding debt related to resource acquisition. The resource provider computer 112 may also be configured to complete a transaction upon receiving an authorization response message indicating that a transaction has been approved.

In some embodiments, the resource provider computer 112 may be in communication with an acquirer computer. An acquirer computer may be any computing device or plurality of computing devices configured to process transaction information received from the resource provider computer 112 and generate an authorization request message to be transmitted to the primary authorization computer 102. In some embodiments, the acquirer computer may be owned and/or operated by a banking institute with which the operator of the resource provider 110 maintains an account. In some embodiments, the resource provider may be an acquirer computer.

For simplicity of illustration, a certain number of components are shown in FIG. 1. It is understood, however, that embodiments of the invention may include more than one of each component. In addition, some embodiments of the invention may include fewer than or greater than all of the components shown in FIG. 1. In addition, the components in FIG. 1 may communicate via any suitable communication medium (including the internet), using any suitable communications protocol.

FIG. 2 depicts an example primary authorization computer 102 configured to store and manage access credentials and provide authorization for multiple-party transactions in accordance with at least some embodiments. The depicted primary authorization computer may be an example primary authorization computer 102 of FIG.

As described above, the primary authorization computer 102 may be any type of computing device, including a remotely located server computer, configured to manage a set of tokens and process and authorize transactions directed to the set of tokens. In at least some embodiments, the computing device may include at least one memory 202 and a processing unit (or processor(s)) 204. The processor(s) 204 may be implemented as appropriate in hardware, computer-executable instructions, firmware or combinations thereof. Computer-executable instruction or firmware embodiments of the processor(s) 204 may include computer-executable or machine executable instructions written in any suitable programming language to perform the various functions described.

The memory 202 may store program instructions that are loadable and executable on the processor(s) 204, as well as data generated during the execution of these program instructions. Depending on the configuration and type of computing device, the memory 202 may be volatile (such as random access memory (RAM)) and/or non-volatile (such as read-only memory (ROM), flash memory, etc.). The computing device may also include additional storage 206, such as either removable storage or non-removable storage including, but not limited to, magnetic storage, optical disks, and/or tape storage. The disk drives and their associated computer-readable media may provide non-volatile storage of computer-readable instructions, data structures, program modules, and other data for the mobile device. In some embodiments, the memory 202 may include multiple different types of memory, such as static random access memory (SRAM), dynamic random access memory (DRAM) or ROM.

Turning to the contents of the memory 202 in more detail, the memory 202 may include an operating system 208 and one or more application programs or services for implementing the features disclosed herein including at least a token management module 210 for managing access credentials (e.g., sets of tokens and corresponding master tokens) and/or an authorization processing module 212 for responding to authorization requests in accordance with authorization requests received from secondary authorization computers. The memory 202 may also include a token vault 214, which provides data associated with one or more token relationships and configuration data 216, which provides information on transaction protocols for access credentials.

In some embodiments, the token management module 210 may, in conjunction with the processor 204, be configured to receive tokens from a communication device and store the received tokens as a token grouping in a token vault. The token management module 210 may also, in conjunction with the processor 204, be configured to generate a master token to be associated with the token grouping within the token vault and provide the master token to the communication device in response to receiving the tokens. In some embodiments, the master token may be mathematically derived from the initial tokens that are associated with it. In other embodiments, there is no mathematical relationship between the master token and the initial tokens that are associated with it.

In some embodiments, the authorization processing module 212 may, in conjunction with the processor 204, be configured to receive an authorization request from a resource provider that includes a master token, determine a token grouping associated with the master token, generate secondary authorization requests to secondary authorization computers associated with each of the tokens in the token grouping, and generate an authorization response in accordance with secondary responses received from each of the secondary authorization computers. In some embodiments, the authorization processing module 212 may also, in conjunction with the processor 204, be configured to determine a portion of a transaction to be assigned to each token within a token grouping.

The primary authorization computer 102 may also contain communications interface(s) 218 that enable the primary authorization computer 102 to communicate with a stored database, another computing device or server, one or more terminal devices, communication devices, and/or other electronic devices on a network.

The primary authorization computer 102 may also include input/output (I/O) device(s) and/or ports 220, such as for enabling connection with a keyboard, a mouse, a pen, a voice input device, a touch input device, a display, speakers, a printer, etc.

FIG. 3 depicts an example data flow 300 that may be implemented in accordance with at least some embodiments. The data flow depicted in FIG. 3, may be implemented at least by the components of the example architecture depicted in FIG. 1.

In data flow 300, a communication device 302 operated by a first user may receive tokens 304 from a number of token sources. In some embodiments, the communication device 302 may receive tokens from other communication devices (not shown) operated by other users. For example, each of the other communication devices may transmit an initial token to the communication device 302. In some embodiments, this transmission may occur via a short range communication mechanism such as near-field communications (NFC), Bluetooth, Bluetooth low-energy (BLE), wireless local area network (WLAN) (e.g., WiFi), iBeacon, ZigBee, radio frequency (RF), infrared transmission (IR), or any other suitable means of communicating at close proximity. In some embodiments, the communication device 302 may include a barcode reader and tokens may be received by scanning a machine readable code displayed on the other communication devices.

The communication device 302 may send the received initial tokens 304 to a primary authorization computer 102. In some embodiments, the initial tokens 304 may be aggregated into a set of initial tokens and provided to the primary authorization computer 102. In some embodiments, the initial tokens may be provided to the primary authorization computer 102 as they are received by the communication device 302. The primary authorization computer 102 may also receive an indication that each of the received initial tokens 304 is to be stored in relation to the same master token. For example, a user may, upon executing an aggregation module stored in memory of the communication device 302, interact with a graphical user interface (GUI) to initiate creation of a token grouping. The communication device 302 may then initiate collection of the initial tokens 304 from the various token sources. Upon collecting all of the initial tokens 304 to be included in a token grouping, the user may indicate that all initial tokens 304 have been received. The received initial tokens may then be stored by the primary authorization computer 102 as a token grouping within a token vault. In addition, the primary authorization computer 102 may add an initial token associated with the user of the communication device 302 to the token grouping.

Once the creation of the token grouping has been initiated (or once a token grouping has been created), the primary authorization computer 102 may generate a master token 306. The master token 306 is stored in relation to the token grouping maintained by the primary authorization computer 102. Upon generation of the master token 306, it may be provided to the communication device 302 by the primary authorization computer 102. In some embodiments, the master token 306 may be provided to a specific application installed on the communication device 302. For example, the communication device 302 may include an e-wallet application that includes the aggregation module and is configured to cause the communication device 302 to transmit the master token 306 to an access device 308 in order to complete a transaction.

After receiving the master token 306, the communication device 302 may provide the master token 306 to an access device 308 to conduct a transaction. For example, a merchant may initiate a transaction for goods and or services with the user of the communication device 302. The user may present the master token 306 to the merchant via the access device 308 in order to complete the transaction. Upon receiving the master token 306, the access device 308 may communicate the master token 306 to a resource provider computer 310. The resource provider computer 310 may subsequently generate an authorization request message that include information related to the transaction as well as the master token 306. The authorization request message may then be provided to the primary authorization computer 102 (e.g., via a transaction processing network).

Upon receiving an authorization request message that includes the master token 306, the primary authorization computer 102 may identify the token grouping associated with the master token 306 by querying the token vault. Once the token grouping has been identified, secondary authorization computers 312 may be identified for each of the initial tokens in the token grouping. In some cases, the secondary authorization computer 312 may be the same for multiple tokens within the token grouping. The primary authorization computer 102 may subsequently generate secondary authorization request messages to each of the identified secondary authorization computers 312 for each token in the token grouping, the secondary authorization request messages each being for authorization of a portion of the transaction and each containing at least an initial token that is associated with the master token. In some embodiments, the portion of the transaction allocated to each token may be determined based on configuration settings stored in relation to the token grouping. This will be described in greater detail elsewhere in the specification. The generated secondary authorization request messages may be provided to each of the relevant secondary authorization computers via one or more transaction processing networks.

The primary authorization computer 102 may receive, from each of the secondary authorization computers 312, an secondary authorization response message indicating whether the corresponding portion of the transaction is approved. Prior to doing so, each secondary authorization computer 312 may determine the real credentials (e.g., primary account numbers) are associated with the initial token in the authorization request message that is received. The secondary authorization computer 312 may do this by searching its own initial token vault or reaching out to an external token vault. Using the real credentials, the secondary authorization computer 312 may determine if the transaction is authorized by authenticating information in the authorization request message and/or the user, and determining if there are sufficient funds in the account associated with the real credential. In other embodiments, if the secondary authorization computer 312 is a payment processor, then the secondary authorization computer 312 may then generate another authorization request message with the real credential and may then forward that authorization request message to an issuer of the real credential for approval.

Upon receiving secondary authorization response messages for all of the generated secondary authorization request messages, the primary authorization computer 102 may generate an authorization response message to the received authorization request message to be provided to the resource provider computer 310. If each of the received secondary authorization request messages indicate that their portion of the transaction is approved, then the primary authorization computer may generate a subsequent authorization response message indicating that the transaction is approved. If, on the other hand, one or more of the received secondary authorization response messages may indicate that a portion of the transaction is declined, then the authorization response message generated by the primary authorization computer 102 may indicate that the transaction is declined. In some embodiments, the primary authorization computer 102 may provide a notification to the communication device 302 indicating any declined portion of the transaction.

In other embodiments, if the secondary authorization computer 312 is a payment processor, then the secondary authorization computer 312 may receive an authorization response message with the real credential from the issuer of the real credential, and may then forward that authorization response message with the real credential to the primary authorization computer 102.

FIG. 4 depicts a process for aggregating initial tokens into a token grouping and generating a master token associated with the token grouping in accordance with at least some embodiments. In FIG. 4, a communication device 108 may be in communication with one or more token sources 402, which may provide initial tokens to the communication device 108. In some embodiments, the initial token sources may be separate communication devices. Each of the initial token sources 402 may be associated with a token service 404. For example, in the case that each of the initial token sources 402 is a mobile device, each mobile device may have installed a token service application (e.g., an ewallet application). The token service applications installed on each mobile device may be different, or they may be a separate instance of the same token service application. Token service 404 may be any system capable of being used to generate, process, and maintain tokens and related account information such as dynamic keys.

By way of illustrative example, in a first scenario, a first mobile device may have installed a Visa Mobile Payments application configured to provide a Visa token in order to complete a transaction. A second mobile device may include an Android Pay application configured to provide an Android Pay token in order to complete a transaction. In this scenario, the first mobile device may provide a Visa token to the communication device 108 and the second mobile device may provide an Android Pay token to the communication device 108. In a second scenario, both a first and second mobile device may have an instance of a Visa Mobile Payments application installed. In this scenario, each of the mobile devices may provide different Visa tokens to the communication device 108.

Initial tokens may be conveyed to the communication device 108 in a variety of ways. For example, in some cases, the initial token may be transmitted to the communication device via a short-range wireless communication protocol. In another example, the initial token may be displayed on a display screen of a communication device as a machine-readable code, from which it may be scanned by a barcode scanner included in the communication device 108. In another example, an initial token may be manually entered (e.g., keyed) into the communication device 108. In this example, a token source 402 may display an initial token and a user may be required to enter the initial token into a field of a GUI executed on the communication device 108. In some embodiments, an initial token may be conveyed to the communication device via a text message or email communication.

Receipt of the initial tokens by a communication device 108 may be initiated by a user via execution of a mobile application installed on the communication device 108. For example, the user may execute a mobile application (e.g., an e-wallet application) installed on the communication device 108. Upon execution of the mobile application, the user may be prompted to at least select an existing master token to be used in a transaction or to create a new token grouping to be associated with a new master token to be used in future transactions. Upon selecting the option to create a new grouping, the mobile application may cause various input sensors installed on the communication device 108 to monitor for incoming token information. In some embodiments, the user may specify the way in which a token is to be received by the communication device 108. For example, the user may initiate a barcode reader in communication with the mobile application. Each token received by the communication device 108 may subsequently be provided to the authorization computer 102.

In some embodiments, an initial token associated with the user of the mobile device (e.g., depicted as token 3) may be added to the token grouping. For example, in some embodiments, a default token may be added to each token grouping affiliated with a particular user or communication device 108 that represents an account to be used by that user. In some embodiments, a user may select an account to be associated with the token grouping and an initial token associated with that account may be added to the token grouping.

Upon receiving the initial tokens, a user may be provided with the ability to provide configuration settings to be associated with a token grouping. For example, the user may be given, via the GUI, an ability to indicate a portion of future transactions 406 that should be associated with each received initial token. In some embodiments, the user may select a percentage or fraction to be associated with each initial token within the initial token grouping. In some embodiments, a user may select a maximum, minimum, or exact amount to be assigned to a particular token. In some embodiments, one token may be associated with a remainder for each transaction (e.g., any portion of a transaction left unassigned). In some embodiments, the user may be required to assign portions to each initial token in the token grouping such that the assigned portions total the entire transaction. In some embodiments, the configuration settings may include a default that dictates portions of a transaction are to be assigned so that they are evenly proportioned to each token in the token grouping unless otherwise indicated.

The primary authorization computer 102 may store the initial tokens received from the communication device 108 in a token vault 214 as a token grouping. A master token may be generated and may be associated with the token grouping. Specifically, token vault 214 may maintain a mapping between a master token and the set of initial tokens represented by the master token. During transaction processing, token vault 214 may be queried to retrieve the set of tokens associated with the master token. Upon its creation, the master token 408 may be provided to the communication device 108.

In some embodiments, a user may be provided the ability to add initial tokens to, remove tokens from, or otherwise update, the token grouping. For example, the user may be provided with the ability to select an initial token to be removed from the token grouping via the communication device 108 or another client device. In this example, a new master token may or may not be generated. In addition, the user may be provided with the ability to edit the configuration settings stored in relation to the token grouping. For example, the user may edit a percentage portion of a future transaction that will be assigned to each token in the token grouping.

In some embodiments, the master token and/or the token grouping may be associated with a user account maintained by the primary authorization computer 102. A user may access information from the user account by logging into a secure network site hosted by the primary authorization computer 102 or another server associated with the primary authorization computer 102. For example, the user may log into his or her account via a website operated on behalf of the primary authorization computer 102. In another example, the user may log into his or her account via a mobile application installed on, and executed by, the communication device. In this example, the mobile application may be instantiated and/or operated on behalf of the primary authorization computer 102. The user may be provided with the ability to edit token groupings, edit configuration settings associated with token groupings, create a new token grouping, request a new master token, set up automatic payments using a master token, or make any other suitable changes to the user account.

FIG. 5 depicts a process for handling an authorization request message that includes a master token in accordance with at least some embodiments. The primary authorization computer 102 depicted in FIG. 5 may be an example primary authorization computer 102 of FIG. 1.

The primary authorization computer 102 may receive an authorization request 502 associated with a transaction to be completed. As described elsewhere in this specification, the authorization request message 502 may be received from a resource provider computer. Upon receiving the authorization request message, the primary authorization computer 102 may identify a master token 504 within the request. For example, the authorization request may comprise particular data fields and may be in a particular format. In this example, the authorization request message 502 may identify the master token 504 with a specified data field.

Once the primary authorization computer 102 has identified the master token associated with the authorization request message, it may query a token vault for a token grouping associated with the master token 504. In some embodiments, the primary authorization computer 102 may also query configuration data 216 to identify a set of configuration settings associated with the master token 504. Once the primary authorization computer has identified the relevant token grouping and configuration settings, it may determine an appropriate portion of the transaction to be associated with each token and may subsequently generate secondary authorization request messages for each of the initial tokens in the identified token grouping.

The primary authorization computer 102 may determine an appropriate portion of the transaction to be associated with each initial token according to the identified configuration settings. For example, a set of configuration settings may indicate a percentage, fraction, or dollar amount to be associated with each token within the token grouping. In some embodiments, the primary authorization computer 102 may assign an equal portion of the transaction to each of the tokens in the token grouping. In some embodiments, the primary authorization computer 102, upon receiving the authorization request message 502, may communicate information related to the transaction to a user associated with the master token and may subsequently receive, from the user, an assignment of portions of the transaction for each initial token in the token grouping.

In some embodiments, the portions of the transaction assigned to each initial token in the token grouping may sum to an amount that is greater than the transaction itself. For example, the primary authorization computer 102 may charge an additional fee for the use of the token aggregation service, which may be distributed amongst the initial tokens in the token grouping. In another example, the primary authorization computer 102 may identify any relevant service fees that will be charged by each of the secondary authorization computers that maintain the tokens. These fees may be aggregated by the primary authorization computer 102 and it may be determined whether the fees are greater than a maximum fee threshold (e.g., the most that the originator of the authorization request 502 should be charged for using the service). If the aggregated fees are greater than the maximum fee threshold, then any overage may also be distributed amongst the tokens in the token grouping.

For each of the initial tokens 1-N in the token grouping, the primary authorization computer 102 may generate an authorization request message to be sent to a secondary authorization computer associated with that initial token. In some embodiments, the primary authorization computer 102 may generate each secondary authorization request for the portion of the transaction determined to be assigned to the initial token associated with the secondary authorization request. In some embodiments, a secondary authorization request may be generated by the primary authorization computer 102 for an amount greater than its determined portion of the transaction. For example, the primary authorization computer 102 may seek to gain pre-approval using an initial token for an amount greater than the portion of the transaction assigned to that initial token.

In some embodiments, the primary authorization computer 102 may include information indicating the originator of the authorization request message in each secondary authorization request message. For example, if an authorization request message is received by the primary authorization computer 102 from Restaurant A, then the secondary authorization requests generated by the primary authorization computer may each indicate that the originator is Restaurant A. This enables the users to better track purchases and allows users to participate in programs that reward users for shopping at specific merchants or types of merchants. In some embodiments, the originator of the authorization request may be removed from the secondary authorization requests. This would enable a user to increase the privacy of his or her purchase history by preventing visibility of embarrassing purchases. In some embodiments, these settings may be included in the configuration settings editable by the user.

After transmitting secondary authorization requests to each relevant secondary authorization computer, the primary authorization computer 102 may monitor responses 506. Upon receiving a response 506 for each of the generated secondary authorization requests, the primary authorization computer 102 may determine a status for the transaction and may generate an authorization response 508. For example, if each of the responses is an approval, then the primary authorization computer 102 may generate an authorization response message 508 that indicates that the transaction is approved. If one or more of the responses 506 indicates that a portion of the transaction is declined, then the primary authorization computer 102 may generate an authorization response message 508 that indicates the transaction is declined.

FIG. 6 depicts a process flow 600 for conducting and settling a multi-party transaction with a resource provider using a master token in accordance with at least some embodiments. In process flow 600, a communication device 108 may be in communication with a primary authorization computer 102. For example, the communication device 108 may have an e-wallet application installed, that when executed, establishes a communication session with an e-wallet service provider executed on the primary authorization computer 102. The communication device may be configured to communicate with an access device in communication with a resource provider computer 112. The resource provider computer 112 may be in communication with the primary authorization computer 102 via a transaction processing network 106. The primary authorization computer 102 may be in communication with a number of secondary authorization computers 104 via the transaction processing network 106.

The process flow 600 may begin at S602, when the communication device 108 provides a set of initial tokens to the primary authorization computer 102. In some embodiments, the communication device 108 may communicate the set of initial tokens over a communication session encrypted using an encryption protocol specific to the e-wallet application. Upon receiving the set of initial tokens, the primary authorization computer 102 may store the set of initial tokens in a token vault maintained by the primary authorization computer 102. The primary authorization computer 102 may generate a master token to be mapped to the set of initial tokens within the token vault. In some cases, the initial tokens that were received by the communication device 108 from external token sources may be automatically deleted after a predetermined period of time.

At S604, the primary authorization computer 102 may transmit the master token to the communication device 108. In some embodiments, the master token may be provided to the communication device via the same communication session established above. In some embodiments, the primary authorization computer 102 may establish a new communication session over which the master token is to be provided to the communication device 108. In some embodiments, the master token may be encrypted using a different encryption key than that which the set of tokens were encrypted.

At S606, the communication device 108 may provide the master token to a resource provider computer 112 (e.g., via an access device) to complete a transaction. For example, the communication device 108 may present the master token to an access device (e.g., via a contactless reader) to complete a transaction. The access device may transmit the master token, as well as transaction information, to the resource provider computer 112 to initiate the transaction.

At S608, the resource provider computer 112 may generate an authorization request message associated with the transaction. The generated authorization request message may include the master token as well as information related to the transaction to be completed. The generated authorization request may be provided to a transaction processing network 106 to be routed to an appropriate primary authorization computer 102.

At S610, the transaction processing network 106 may, upon receiving the authorization request, determine the primary authorization computer 102 is the authorizing entity for the received transaction request. In some embodiments, the transaction processing network 106 may make this determination based on a format of the master token included within the authorization request message. Upon determining that the primary authorization computer 102 is the authorizing entity for the authorization request message, the transaction processing network 106 may route the authorization request message to the primary authorization computer 102.

At S612, the primary authorization computer may identify the master token within the received authorization request message and may query the token vault for the set of tokens associated with the master token. The primary authorization computer 102 may then determine an appropriate portion of the transaction to be associated with each token in the set of tokens and may subsequently generate secondary authorization request messages for each initial token in the set of initial tokens. Each of the generated secondary authorization request messages may include its associated initial token as well as some or all of the information related to the transaction. In some embodiments, each secondary authorization request may include an identifier (e.g., a transaction identifier or the master token) that is used to map the secondary authorization request to the transaction. In some embodiments, each of the generated secondary authorization requests may include different identifiers. In some embodiments, an identifier included in a secondary authorization request may be formatted to include a transaction identifier followed by a token identifier. For example, if the transaction identifier is 12345678 and the token identifier is C, then the secondary identifier may be 12345678C, indicating that it is related to token C from transaction 12345678. This identifier may be used to map each of the secondary request messages generated to its corresponding transaction and/or token.

At S614, the primary authorization computer 102 may provide the generated secondary authorization request messages to the transaction processing network 106 to be routed to their appropriate secondary authorization computers 104. Upon receiving the requests, the transaction processing network 106 may determine an appropriate secondary authorization computer 104 for each of the secondary authorization requests. In some embodiments, the transaction processing network 106 may make this determination based on a format of the token included in each of the secondary authorization request messages.

At S616, the transaction processing network may route each of the secondary authorization request messages to its corresponding secondary authorization computer 104. In some embodiments, multiple secondary authorization request messages may be routed to the same secondary authorization computer 104 for separate authorization. In some embodiments, some or all of the secondary authorization requests may be routed to different secondary authorization computers 104 for authorization.

At S618, each of the secondary authorization computers 104 may resolve the initial tokens into their associated real credentials and may determine whether or not to approve the portion of the transaction associated with the secondary authorization request. For example, the secondary authorization computer 104 may decline the secondary authorization request if there is a high likelihood of fraud. In another example, the secondary authorization computer 104 may decline the transaction if a payment account associated with the token included in the secondary authorization request has insufficient funds. The secondary authorization computers 104 may generate authorization response messages based on whether the portion of the transaction is to be approved or declined. Each of the generated authorization responses may represent pre-approval for a portion of the transaction. In some embodiments, an identifier that was present in the secondary request message may be included in the secondary response message so that the secondary response message may be tied to its corresponding transaction by the primary authorization computer 102.

At S620, each of the secondary authorization computers 104 may provide the generated authorization response message to the transaction processing network 106 to be routed to the primary authorization computer 102. Upon receipt, the transaction processing network 106 may route each of the received authorization responses to the primary authorization computer 102 at S622.

At S624, the primary authorization computer 102 may monitor for, and assess, each authorization response received in order to determine if the transaction is to be approved. The primary authorization computer 102 may map each secondary response message to its corresponding transaction via the identifier included in the secondary response message. In some embodiments, the primary authorization computer 102 may decline the transaction if one or more portions of the transaction are declined. In some embodiments, the primary authorization computer may determine that the transaction should be approved as long as it is an amount that is greater than a total amount associated with the transaction. For example, the portions of the transaction associated with each token may sum to an amount greater than an amount associated with the transaction itself. In this example, the primary authorization computer may approve the transaction as long as an amount associated with the approved authorization responses are sufficient to cover the amount of the transaction.

At S626, the authorization response message may be transmitted to the transaction processing network 106. Upon receiving the authorization response message, the transaction processing network 106 may route the authorization response message to the resource provider computer 112 at S628.

At S630, a settlement and clearing process may be initiated by the resource provider computer 112. In the settlement and clearing process, the resource provider computer 112 (or an acquirer associated with the resource provider that operates the resource provider computer 112) may provide a request for funds to be transferred to an account associated with and/or maintained by, the resource provider. The request for funds may be provided to the primary authorization computer 102. In some embodiments, the request may be provided directly to the primary authorization computer 102. In some embodiments, the request may be provided to the transaction processing network 106 and forwarded to the primary authorization computer 102 at S632.

At S634, upon receiving the request for funds, the primary authorization computer 102 may generate separate requests for funds to be provided to each of the secondary authorization computers. The separate requests for funds may each be for the portion of the transaction associated with each of the tokens. The requests for funds may be sent to each of the secondary authorization computers associated with those tokens. In some embodiments, the separate requests for funds may include instructions to transfer funds to an account associated with and/or operated by the primary authorization computer. In some embodiments, the requests for funds may include instructions to transfer funds directly to the account associated with the resource provider computer 112.

At S636, in some embodiments, each of the secondary authorization computers 104 may transfer funds to the account associated with the primary authorization computer 102. Upon detecting that all of the requested funds had been transferred to the account associated with the primary authorization computer 102, the primary authorization computer may initiate a fund transfer to the account associated with the resource provider computer 112 at S638. In some embodiments, each of the secondary authorization computers 104 may transfer funds to the account associated with the resource provider computer 112 at S638. In other embodiments, the secondary authorization computers 104 may settle directly with the resource provider computer 112 or its acquirer, without using the primary authorization computer 102.

By way of illustrative example, consider a scenario in which multiple parties attend a gathering at a restaurant. In this example, the multiple parties may wish to split a bill for the food that was ordered at the restaurant. In this scenario, one of the parties may collect payment tokens from each of the other multiple parties using an application installed on his or her mobile phone. In this scenario, the tokens may represent payment information for a number of different payment account types. The application may transmit each of the received tokens to a mobile application server (in this example, the primary authorization computer). Upon receiving the tokens, the mobile application server may generate a master token and push it to the application on the mobile device.

In this example, the owner of the mobile device may use the master token to pay the bill. The restaurant, upon receiving the master token to complete a transaction for the purchased food, would treat the master token as it would any other payment information (e.g., by generating an authorization request to an authorization entity of the master token), by providing it to an acquirer. In this illustrative example, the acquirer would seek authorization from the mobile application server (which is acting as the authorization entity) and the mobile application server would then seek authorization from authorization entities associated with each of the tokens in the set of tokens (i.e., the secondary authorization computers). In this example, once authorization is received from each of the authorization entities associated with the set of tokens, the mobile application server may generate an authorization response for the transaction to be provided to the acquirer. In this illustrative example, the user with the mobile application on his or her mobile device may collect the tokens from the other parties immediately prior to paying the bill, or far in advance. For example, the user may receive the master token before going to the restaurant. In some embodiments, the master token may be used in multiple transactions. For example, the user may utilize the same master token each time that the multiple parties meet up. If one or more of those parties are absent, the user may simply elect to assign no portion of the transaction to the absent parties.

In another illustrative example, multiple users may each share a living space and may each be responsible for a portion of rent. In this example, one of the users may collect tokens from each of his or her roomates. The user may provide these tokens to a primary authorization computer via a web browser. Upon receiving these tokens, the primary authorization computer may generate a master token and provide it to the user. The master token may subsequently be used to complete a number of transactions. For example, the master token may be used to pay for rent, utilities, and/or groceries. In some embodiments, the master token may be used to set up an auto-pay notification. In this illustrative example, each of the transaction would automatically be split up between each of the parties responsible for the transaction.

In yet another illustrative example, a single user may wish to distribute transactions between a number of credit cards or other payment accounts. For example, the user may wish to conduct a transaction for an amount that exceeds his or her current transaction limits. In this example, the user may provide tokens associated with multiple payment accounts to a primary authorization computer and may also indicate how a transaction is to be divided amongst those accounts. A master token may then be generated and associated with those payment accounts. In this example, the user may conduct a single transaction and that transaction may be divided amongst different payment accounts.

In some embodiments, the token information may represent something other than payment information. For example, multiple parties may wish to board a train or attend a concert. In this example, the multiple parties may each have a token that represents a ticket. The multiple parties may each present their separate tickets to a single user's mobile device. Information associated with the tickets may then be aggregated at a remote server, which may in turn provide a master token. In this scenario, the master token may be presented by the user in order to gain entry for each of the multiple parties to the ticketed venue.

FIG. 7 depicts a flow diagram illustrating a process 700 for generating a master token and conducting a transaction using that master token in accordance with at least some embodiments. In some embodiments, the process 700 may be conducted by a primary authorization computer 102 depicted in FIG. 1.

The process 700 may begin at 702, when a set of initial tokens is provided to a primary authorization computer. In some embodiments, the set of initial tokens may be provided to the authorization computer by a communication device.

At 704, a master token may be generated and associated with the set of tokens. The master token may be stored in the token vault in association with the set of received tokens. For example, the master token may be stored in a database table with an indication that it is related to the set of initial tokens. The master token may be provided to a communication device at 706.

At 708, the primary authorization computer may receive an authorization request message that includes the master token. Upon receiving this authorization request message, the primary authorization computer may identify the set of initial tokens associated with the master token at 710. For example, the primary authorization computer may query a token vault for the master token.

Upon identifying the set of tokens associated with the master token, the primary authorization computer may determine a portion of the transaction to be associated with each of the tokens at 712. For each initial token in the set of initial tokens, the primary authorization computer may generate a secondary authorization request to be sent to an authorization computer associated with the initial token for the portion of the transaction associated with the initial token at 714. Each of the generated secondary authorization requests including the respective initial tokens may be transmitted to their corresponding secondary authorization computers via a transaction processing network.

The primary authorization computer may receive responses from each of the secondary authorization computers to which the secondary authorization requests have been sent. Based on these received responses, the primary authorization computer may generate an authorization response message at 716. The generated authorization response message may include an indication as to whether the transaction is to be approved or declined. Once generated, the authorization response message may be provided in response to the received authorization request at 718.

Embodiments of the invention provide for a number of technical advantages. For example, embodiments of the invention enable a group of users to split a transaction amongst the group, and allows a user to specify exact proportions to be allocated to each token. In most other transaction-splitting systems, a single user often settles the transaction with the merchant, and other users reimburse that single user for their portion. However, in these systems, the single user may end up being responsible for a larger portion of the transaction if one or more of the reimbursements are declined. In the described transaction-splitting system, preapproval is obtained for each of the additional parties prior to authorizing the transaction. This significantly reduces the risk that any single user will be responsible for a larger portion of the transaction.

Additionally, some transaction-splitting systems provide a set of tokens to a merchant for payment and require the merchant to allocate portions of the transaction to each of the provided tokens. In the described transaction-splitting system, the master token is presented to the merchant as any other token would be (e.g., via any other type of e-wallet application), which appears to the merchant as a single token. The merchant is able to treat the master token as it would any other token, and need not adopt any special software or hardware. Accordingly, the described transaction-splitting system may be used at any merchant that already accepts payment tokens. Furthermore, the described transaction-splitting system may be made token agnostic. For example, the described transaction-splitting system may accept a wide range of tokens, which enables consumers to utilize payment accounts at a merchant that may or may not be typically accepted by that merchant, because the merchant need only accept the master token.

It should be understood that any of the embodiments of the present invention can be implemented in the form of control logic using hardware (e.g. an application specific integrated circuit or field programmable gate array) and/or using computer software with a generally programmable processor in a modular or integrated manner. As used herein, a processor includes a single-core processor, multi-core processor on a same integrated chip, or multiple processing units on a single circuit board or networked. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement embodiments of the present invention using hardware and a combination of hardware and software.

Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C, C++, C#, Objective-C, Swift, or scripting language such as Perl or Python using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions or commands on a computer readable medium for storage and/or transmission, suitable media include random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a compact disk (CD) or DVD (digital versatile disk), flash memory, and the like. The computer readable medium may be any combination of such storage or transmission devices.

Such programs may also be encoded and transmitted using carrier signals adapted for transmission via wired, optical, and/or wireless networks conforming to a variety of protocols, including the Internet. As such, a computer readable medium according to an embodiment of the present invention may be created using a data signal encoded with such programs. Computer readable media encoded with the program code may be packaged with a compatible device or provided separately from other devices (e.g., via Internet download). Any such computer readable medium may reside on or within a single computer product (e.g. a hard drive, a CD, or an entire computer system), and may be present on or within different computer products within a system or network. A computer system may include a monitor, printer, or other suitable display for providing any of the results mentioned herein to a user.

The above description is illustrative and is not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents. For example, although the described embodiments mention the use of tokens for purchase transactions, tokens can also be used to access data or other services. For example, multiple people may have tickets or other access credentials used to gain access to a location or service (e.g., a train ride or concert). In this example, the tickets for the multiple people may be aggregated under a single master token.

One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.

A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.

All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art. 

What is claimed is:
 1. A method comprising: receiving, by a mobile application executed from a primary communication device of a primary user, one or more initial tokens from one or more secondary communication devices of one or more secondary users; generating, by the mobile application, a set of initial tokens by adding another initial token from the primary communication device to the one or more initial tokens, wherein each initial token of the set of initial tokens is associated with a different account maintained by one or more authorization computers; transmitting, by the mobile application, the set of initial tokens to a primary authorization computer; receiving, by the mobile application from the primary authorization computer, a master token associated with the initial set of tokens; and transmitting, by the mobile application, the master token to a terminal of a resource provider for completing a transaction with the resource provider, wherein the master token includes an indication of a portion of the transaction to be assigned to each one of the initial token aggregated into the master token.
 2. The method of claim 1, wherein at least one initial token of the set of initial tokens received by the primary communication device from the one or more secondary communication devices is not associated with the primary authorization computer.
 3. The method of claim 1, wherein the portion of the transaction is determined based at least in part on configuration settings associated with the master token.
 4. The method of claim 3, wherein the configuration settings associated with the master token are maintained by the primary authorization computer in association with an account associated with the primary communication device.
 5. The method of claim 4, wherein the configuration settings are updateable by a user associated with the account.
 6. The method of claim 1, wherein each token of the set of initial tokens represents a different payment account.
 7. The method of claim 1, wherein the one or more initial tokens are received via a short range communication channel established between the primary communication device and the one or more secondary communication devices.
 8. The method of claim 1, wherein each of the one or more initial tokens is associated with a portion of a total amount of the transaction.
 9. The method of claim 1, further comprising: providing, by the mobile application, a graphical user interface to be displayed on the primary communication device; receiving, by the mobile application, a user input to create a token grouping; and adding, by the mobile application, the set of initial tokens to the token grouping.
 10. The method of claim 9, further comprising: associating, by the mobile application, configuration settings with the token grouping, wherein the configuration settings indicate a portion of the transaction to be associated with each one of the set of initial tokens.
 11. The method of claim 9, further comprising: adding, by the mobile application, a default token to the token grouping, wherein the default token is associated with a portion of the transaction that is unassigned to the set of initial tokens.
 12. The method of claim 9, further comprising: receiving, by the mobile application, a user input to modify the token grouping.
 13. The method of claim 12, wherein the user input to modify the token grouping adds or removes a token from the token grouping.
 14. The method of claim 12, wherein the user input to modify the token grouping modifies the portion of the transaction assigned to one of the set of initial tokens.
 15. A mobile application server device comprising: one or more processors; and a memory including instructions that, when executed by the one or more processors, cause the mobile application server device to support a mobile application executed from a primary communication device of a primary user, wherein the mobile application is configured to: receive one or more initial tokens from one or more secondary communication devices of one or more secondary users; generate a set of initial tokens by adding a token from the primary communication device to the one or more initial tokens, wherein each initial token of the set of initial tokens is associated with a different account maintained by one or more authorization computers; transmit the set of initial tokens to a primary authorization computer; receive, from the primary authorization computer, a master token associated with the initial set of tokens; and transmit the master token to a terminal of a resource provider for completing a transaction with the resource provider, wherein the master token includes an indication of a portion of the transaction to be assigned to each one of the initial token aggregated into the master token.
 16. The mobile application server device of claim 15, wherein at least one initial token of the set of initial tokens is not associated with the primary authorization computer.
 17. The mobile application server device of claim 15, wherein each token of the set of initial tokens represents a different payment account.
 18. The mobile application server device of claim 15, wherein each of the one or more initial tokens is associated with a portion of a total amount of the transaction.
 19. The mobile application server device of claim 15, wherein the mobile application is further configured to add the set of initial tokens to a token grouping, and associate configuration settings with the token grouping, wherein the configuration settings indicate a portion of the transaction to be associated with each one of the set of initial tokens.
 20. The mobile application server device of claim 15, wherein the mobile application is further configured to modify the token grouping by adding a token to the token grouping, removing a token from the token grouping, or modifying the portion of the transaction assigned to one of the set of initial tokens. 